A Robust and Flexible Biometrics Remote User Authentication Scheme
Biometric-based authentication systems are widely deployed for person identification. Recently, an improved scheme for flexible biometrics remote user authentication was proposed by Khan and Zhang. In this paper, the authors demonstrate that Khan-Zhang's scheme is still vulnerable to the following two attacks. First, it is insecure against a parallel session attack, in which an adversary who knows neither a legal user's password nor biometrics information can masquerade as the legal user by crafting a valid login message from eavesdropped communications between the user and the remote system. Second, it is insecure against a privileged insider attack, since a legal user's password can be easily revealed to an insider attacker of the remote system. Moreover, they show how to eliminate the security vulnerabilities of Khan-Zhang's scheme.